88/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=quest.com
Issuer
C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA
Valid From
February 05, 2026
Valid Until
May 06, 2026
79 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA384-RSA
SHA-256 Fingerprint
7D:24:A8:AF:80:F6:7A:DB:B6:F4:26:3A:98:8F:E0:A5:50:6A:29:73:0C:40:14:91:13:AB:4B:F9:B7:0D:75:A1
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +7 more
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-WOjHqx9gBwary2kUqreTug==' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://privacyportal.onetrust.com https://*.google-analytics.com https://*.googleadservices.com https://*.company-target.com https://a.omappapi.com https://stage-cms-portal.quest.com https://www.quest.com/* https://cms-portal.quest.com/* https://*.qualified.com https://*.ddev.site https://app.qualified.com wss://ws7.qualified.com https://s.company-target.com https://okt.to https://ingest.upsun-us-2.observability-pipeline.blackfire.io https://admin-pipeline.upsun-us-2.observability-pipeline.blackfire.io https://static.oktopost.com https://tag.demandbase.com https://wec-assets.terminus.services https://img04.en25.com https://bat.bing.com https://scripts.clarity.ms https://www.googletagmanager.com/gtm.js https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://svc.webspellchecker.net 'sha256-6KSL+V500WklKL3pUduJgPMKcNni8Vb3tFXsZRyU/0c=' 'sha256-BbgnHbY2CJBG+GrooTPBqqPO0tXekKDJyFKNu4gWjtg=' 'sha256-PjpA0xq0ZIgf8Nh2KiJBuFOKE3wAE+XpD/RdvYPZhkM=' 'sha256-XjMa+ysTMk8EwZZINLKyMrkldiQs+GsiNKzuwmrEq2A=' 'sha256-oQJqDNWFkSYH+W+pNvDoD5Ija9/dM2xldCVB2nAnbRI=' 'sha256-Inz1yxVCKoYQ8IVvAKjsMTwygUNhTI59uvDqF9f9icQ=' 'sha256-b3Uh/Oz6akoOBzPTTuMI4TxC7KcAntUMu6EcepVpiOI=' 'sha256-rjeKT1fu1p4HjHysQiFPkhFaqX3d7SG8OAJWX8jhNZs=' https://js.storylane.io 'sha256-ZswfTY7H35rbv8WC7NXBoiC7WNu86vSzCDChNWwZZDM=' https://*.gitbook.io https://vardot.gitbook.io https://*.gitbook.com https://static-2c.gitbook.com; style-src 'self' 'unsafe-inline' *.google.com *.userway.org *.googleapis.com *.analysis.windows.net *.twitter.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.gleap.io *.cloudflare.com *.jsdelivr.net *.gitbook.com 
*.omappapi.com/ https://svc.webspellchecker.net; img-src 'self' 'unsafe-inline' https: data: quest.com *.quest.com blob: cms-portal.quest.com/* ; font-src 'self' *.googleapis.com *.typekit.net *.userway.org *.analysis.windows.net *.gstatic.com *.twitter.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com data *.sharethis.com *.google.com *.gleap.io *.jsdelivr.net *.cloudflare.com https://svc.webspellchecker.net; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com *.vardot.com https: *.gleap.io *.qualified.com wss://ws7.qualified.com; frame-src 'self' 'unsafe-inline' *.webp *.twitter.com *.youtube.com *.youtube-nocookie.com *.facebook.com facebook.com *.nr-data.net *.youtube.com *.vimeo.com *.googletagmanager.com *.gleap.io *.company-target.com players.brightcove.net *.gitbook.io https://app.qualified.com https://www.googletagmanager.com https://s.company-target.com https://quest.storylane.io; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.google.com *.google-analytics.com *.analysis.windows.net *.googleapis.com *.twitter.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.pagespeed-mod.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.gleap.io *.company-target.com https://www.googletagmanager.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
microphone=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports